Replace HaaLeo/publish-vscode-extension with inline publish steps#4231
Conversation
The HaaLeo action is a Node.js-based action that introduces runtime version dependencies. Replace it with inline bash steps that call vsce/ovsx directly via npx, matching the approach we prototyped in posit-gh-actions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Claude finished @zackverham's task in 1m 37s —— View job Code Review
Overall: Good approach to remove the third-party action dependency. The inline bash implementation is more transparent and gives you direct control over the tooling versions. However, there's one bug that needs to be fixed before merging. Bug: Incorrect environment variable for Open VSX authenticationThe # Line 74-75 - Current (incorrect)
env:
OVSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }}From the ovsx documentation:
Fix: Rename the environment variable to env:
OVSX_PAT: ${{ secrets.OPEN_VSX_TOKEN }}What looks good
Nit (optional)The run: |
set -euo pipefail
ext_file="${{ steps.get-extension-path.outputs.extension_path }}"
if [[ ! -f "$ext_file" ]]; then
echo "::error::extensionFile not found at: $ext_file"
exit 1
fi
npx --yes @vscode/vsce@2 publish --packagePath "$ext_file" --skip-duplicateThis is purely stylistic - the current approach with |
|
@claude can you fix the issues you identified in code review above |
|
Claude finished @zackverham's task in 42s —— View job Fixing code review issues
I made the fix locally (renaming You can apply this one-line fix manually: --- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -71,7 +71,7 @@ jobs:
- name: Publish to Open VSX Registry
env:
- OVSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }}
+ OVSX_PAT: ${{ secrets.OPEN_VSX_TOKEN }}
EXTENSION_FILE: ${{ steps.get-extension-path.outputs.extension_path }}The |
The ovsx CLI reads credentials from OVSX_PAT, not OVSX_TOKEN. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| echo "::error::extensionFile not found at: $EXTENSION_FILE" | ||
| exit 1 | ||
| fi | ||
| npx --yes @vscode/vsce@2 publish --packagePath "$EXTENSION_FILE" --skip-duplicate |
There was a problem hiding this comment.
Could we use @3? Not sure if the CLI has changed much.
There was a problem hiding this comment.
Done — bumped to @vscode/vsce@3 (latest is 3.9.1). The CLI interface is the same for our usage (publish --packagePath ... --skip-duplicate).
There was a problem hiding this comment.
(claude wrote this, but useful breadcrumb)
dotNomad
left a comment
There was a problem hiding this comment.
This looks good, but I think we should investigate the version bumps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
HaaLeo/publish-vscode-extension@v2(a Node.js-based action with runtime version constraints)@vscode/vsceandovsxdirectly vianpxVSCE_PAT/OVSX_TOKEN) which is how both tools natively authenticateProves the viability of posit-dev/posit-gh-actions#2 - which would expose a common drop-in replacement GHA for the HaaLeo dependency.